From 2377e1d8c7263b4f83aa714e4c8c315babb57c6a Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 20 Sep 2020 23:40:40 +0100 Subject: [PATCH] Testsuite: avoid cipher vs. cert validity problem --- test/confs/5821 | 8 ++++---- test/log/5821 | 12 ++++++------ test/scripts/5820-DANE-GnuTLS/5821 | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/test/confs/5821 b/test/confs/5821 index 84d29bdfe..28999d5c7 100644 --- a/test/confs/5821 +++ b/test/confs/5821 @@ -10,7 +10,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_rcpt = accept logwrite = "rcpt ACL" +acl_smtp_rcpt = accept logwrite = "rcpt ACL: tls_in_bits $tls_in_bits" log_selector = +received_recipients +tls_peerdn +tls_certificate_verified @@ -19,11 +19,11 @@ tls_advertise_hosts = * # Set certificate only if server CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com -tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} -tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} +tls_certificate = CDIR2/fullchain.pem +tls_privatekey = CDIR2/server1.example.com.unlocked.key # Permit two specific ciphers -tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM +tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+AES-256-GCM # ----- Routers ----- begin routers diff --git a/test/log/5821 b/test/log/5821 index c1da057cf..f2266e77e 100644 --- a/test/log/5821 +++ b/test/log/5821 @@ -8,24 +8,24 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex -1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:RSA__CAMELLIA_256_GCM:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 "rcpt ACL" +1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 128" 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 "rcpt ACL" +1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 128" 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 "rcpt ACL" +1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 128" 1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 "rcpt ACL" -1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:RSA__CAMELLIA_256_GCM:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 256" +1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed diff --git a/test/scripts/5820-DANE-GnuTLS/5821 b/test/scripts/5820-DANE-GnuTLS/5821 index 7f83a401b..94f23ce19 100644 --- a/test/scripts/5820-DANE-GnuTLS/5821 +++ b/test/scripts/5820-DANE-GnuTLS/5821 @@ -16,12 +16,12 @@ Testing # ### Dane cipher specified, dane unused # Since dane unused, should get the same cipher as the baseline -exim -odf -DOPT=NORMAL:-CIPHER-ALL:+CAMELLIA-256-GCM CALLER@localhost.test.ex +exim -odf -DOPT=NORMAL:-CIPHER-ALL:+AES-256-GCM CALLER@localhost.test.ex Testing **** ### Dane cipher specified, dane used # Should get the cipher specified here -exim -odf -DOPT=NORMAL:-CIPHER-ALL:+CAMELLIA-256-GCM CALLER@dane256ee.test.ex +exim -odf -DOPT=NORMAL:-CIPHER-ALL:+AES-256-GCM CALLER@dane256ee.test.ex Testing **** # -- 2.30.2